Annluciap

[Archived] Files with creation/last-access dates of 2030, 2040,...


Good evening!

I was working on a file on a flash drive and it became inaccessible. When I opened the flash drive I saw that this file and others had creation and last-access dates of 2030, 2040, among others. Other files were corrupted. I ran a scan on the flash drive and on the computer and nothing was detected. Could there be some malware that Win Defender did not detect?

The FRST logs follow below:

https://www.cjoint.com/c/KBCxH5n7VaZ

https://www.cjoint.com/c/KBCxJaDfAGZ

Thank you very much!

Note: The same topic was possibly created in the wrong place; I ask that it be deleted.


/!\ Good afternoon, Annluciap! /!\

> Download this tool (UsbFix) and run it.
> Do this with the infected flash drive plugged in!
> PS: Close the window that asks you to update it.

> Click "Run an Analysis".

> From the options, choose "Analyze Windows".

> When it finishes, click "Report".
> Post the report! (UsbFix_Report)

> Now open the tool again and click "Scan USB Disks".
> When it finishes, you can remove the flash drive!
> Post that report too!

Regards


Good evening, DigRam!

As instructed, the reports follow below.

Thank you, and sorry for the delay!

Note: After the incident in which the file dates changed, among other things, I ran a scan with Win Defender, copied the files that were not corrupted to another location, and formatted the flash drive.

 

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :  
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Windows
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 24/03/2021 18:43:05
# ----------------------------------------------------

------------ | Analyzed disks |

C:\    NTFS    (216GB/465GB)    [Fixed] 

------------ | Infected elements |

~ No element detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

------------ | Tasks |

Task - Adobe Acrobat Update Task --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync

------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |

[13/09/2016 - 21:50:20 | A | 1 Ko] - DelFix.txt
[24/03/2021 - 09:02:18 | ASH | 8 Ko] - DumpStack.log.tmp
[24/03/2021 - 09:02:17 | ASH | 3138180 Ko] - hiberfil.sys
[24/03/2021 - 09:02:18 | ASH | 262144 Ko] - swapfile.sys
[24/03/2021 - 16:05:38 | ASH | 2438768 Ko] - pagefile.sys
[06/10/2015 - 20:26:43 | A | 1 Ko] - .rnd
[10/06/2020 - 20:06:24 | SHD] - Config.Msi
[06/03/2017 - 22:23:55 | A | 2 Ko] - console.log
[20/02/2021 - 13:19:26 | ASH | 8 Ko] - DumpStack.log
[25/09/2018 - 12:02:57 | SH | 0 Ko] - bootTel.dat
[30/11/2020 - 22:43:52 | SHD] - $Recycle.Bin
[14/07/2009 - 02:08:56 | SHD] - Documents and Settings
[12/11/2013 - 09:06:26 | SHD] - Arquivos de Programas
[12/11/2013 - 10:20:06 | RHD] - MSOCache
[06/02/2014 - 12:56:19 | D] - Php2
[06/02/2014 - 13:13:19 | D] - PHP
[06/07/2014 - 15:26:11 | D] - ODF_MAINFRAME
[15/12/2014 - 09:21:55 | D] - temp
[06/02/2015 - 16:28:10 | D] - Level up
[01/09/2015 - 10:08:30 | D] - MySQL_1
[23/09/2015 - 01:08:37 | D] - 3aeb140115f410706a411c
[30/10/2015 - 04:18:34 | ASH | 0 Ko] - BOOTNXT
[07/09/2017 - 21:37:32 | D] - dosprog
[02/03/2018 - 14:47:49 | HD] - $SysReset
[03/03/2018 - 12:13:01 | RSHD] - Office Activation Technologies
[24/03/2018 - 15:36:46 | D] - Sierra
[25/01/2019 - 12:02:04 | D] - instaldor
[28/01/2019 - 22:05:43 | D] - Jogos
[26/05/2019 - 18:37:51 | HD] - VTRoot
[22/09/2019 - 20:11:51 | D] - Boruto
[07/12/2019 - 06:14:52 | D] - PerfLogs
[20/02/2020 - 17:16:08 | D] - Arquivos de Programas RFB
[11/07/2020 - 22:42:25 | D] - Python
[26/09/2020 - 18:38:31 | HD] - $WinREAgent
[29/09/2020 - 01:55:27 | SHD] - Recovery
[14/11/2020 - 21:30:44 | D] - SecurityCheck
[30/11/2020 - 16:58:48 | HD] - ProgramData
[28/02/2021 - 19:33:11 | D] - FRST
[12/03/2021 - 00:46:33 | D] - Windows
[22/03/2021 - 12:07:29 | RD] - Users
[22/03/2021 - 12:09:00 | RD] - Program Files
[24/03/2021 - 18:41:55 | RD] - Program Files (x86)

Infected elements : 0
Analyzed elements : 88788 in 00h 00m 51s

# UsbFix-Report-01.txt [6841B]

------------ | E.O.F  |
 

 

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :  
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : USB
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 24/03/2021 18:48:14
# ----------------------------------------------------

------------ | Analyzed disks |

H:\    FAT32    (8GB/8GB)    [Removable] 

------------ | Infected elements |

~ No element detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

------------ | Tasks |

Task - Adobe Acrobat Update Task --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync

------------ | H:\ - Removable drive (FAT32) |


Infected elements : 0
Analyzed elements : 65992 in 00h 00m 12s

# UsbFix-Report-01.txt [4912B]

------------ | E.O.F  |
 


/!\ Good morning, Annluciap! /!\

 

------------ | Infected elements |

~ No element detected ~
> According to UsbFix, the system was not infected.

> Copy the information in the Spoiler into Notepad.
> Save it with the name fixlist. << Text or Unicode, if it asks!
> Save it to the desktop!

 

start::
CloseProcesses:
Createrestorepoints:
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
Task: {166C390A-1AC0-4A57-9FB9-89C3C873F4D9} - \Adobe Flash Player Updater -> Nenhum Arquivo <==== ATENÇÃO
Task: {D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000 -> URL hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_25050030005_76.0.3809.132_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1004 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=82_25050004005_65.0.2.15_u_ds&p={searchTerms}
FirewallRules: [UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
EmptyTemp:
Reboot:
end::

 

> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool". (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< This script was written exclusively for this computer, so I ask visitors not to use it on other machines. >

Regards


Good afternoon, DigRam!

The report follows below.

Thank you.

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 28-03-2021
Executado por Ivan (28-03-2021 16:01:53) Run:4
Executando a partir de C:\Users\Ana\Desktop
Perfis Carregados: Ivan & Ana & postgres
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
Createrestorepoints:
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
Task: {166C390A-1AC0-4A57-9FB9-89C3C873F4D9} - \Adobe Flash Player Updater -> Nenhum Arquivo <==== ATENÇÃO
Task: {D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000 -> URL hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_25050030005_76.0.3809.132_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1004 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=82_25050004005_65.0.2.15_u_ds&p={searchTerms}
FirewallRules: [UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
EmptyTemp:
Reboot:

*****************

Processos fechados com sucesso.
Createrestorepoints: => Erro: Nenhuma correção automática foi encontrada para esta entrada.
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso.
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso.
C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk => Atalho argumento removido (a) com sucesso.
"HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL" => removido (a) com sucesso.
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}" => removido (a) com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 12607488 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 195212909 B
Java, Flash, Steam htmlcache => 1095 B
Windows/system/drivers => 141098158 B
Edge => 0 B
Chrome => 2284501 B
Firefox => 1138797994 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9019374 B
Ivan => 1183767532 B
Ana => 1441549614 B
postgres => 1441549614 B

RecycleBin => 775424631 B
EmptyTemp: => 5.9 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 16:08:56 ====

 


/!\ Good morning, Annluciap! /!\

 

EmptyTemp: => 5.9 GB de dados temporários Removidos.

 

The temporary-file cleanup was substantial, by the looks of it.

How is your machine?

Everything OK?

Regards


Good evening, DigRam!

The computer is less slow after the cleanup!

What happened today was malware again, on another flash drive. I had not used that flash drive in a long time.

Using UsbFix, malware was detected in one file. That file went to quarantine. I ended up not generating the report.

Afterwards, I used the UsbFix tool again, and the reports follow below.

Thanks again!

 

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :  
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Windows
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 21/04/2021 19:06:06
# ----------------------------------------------------

------------ | Analyzed disks |

C:\    NTFS    (208GB/465GB)    [Fixed] 

------------ | Infected elements |

~ No element detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

------------ | Tasks |

Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync

------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |

[13/09/2016 - 21:50:20 | A | 1 Ko] - DelFix.txt
[21/04/2021 - 17:37:07 | ASH | 8 Ko] - DumpStack.log.tmp
[21/04/2021 - 17:37:06 | ASH | 3138180 Ko] - hiberfil.sys
[21/04/2021 - 17:37:07 | ASH | 2359296 Ko] - pagefile.sys
[21/04/2021 - 17:37:07 | ASH | 262144 Ko] - swapfile.sys
[06/10/2015 - 20:26:43 | A | 1 Ko] - .rnd
[10/06/2020 - 20:06:24 | SHD] - Config.Msi
[06/03/2017 - 22:23:55 | A | 2 Ko] - console.log
[13/04/2021 - 11:10:37 | ASH | 8 Ko] - DumpStack.log
[25/09/2018 - 12:02:57 | SH | 0 Ko] - bootTel.dat
[30/11/2020 - 22:43:52 | SHD] - $Recycle.Bin
[14/07/2009 - 02:08:56 | SHD] - Documents and Settings
[12/11/2013 - 09:06:26 | SHD] - Arquivos de Programas
[12/11/2013 - 10:20:06 | RHD] - MSOCache
[06/02/2014 - 12:56:19 | D] - Php2
[06/02/2014 - 13:13:19 | D] - PHP
[06/07/2014 - 15:26:11 | D] - ODF_MAINFRAME
[15/12/2014 - 09:21:55 | D] - temp
[06/02/2015 - 16:28:10 | D] - Level up
[01/09/2015 - 10:08:30 | D] - MySQL_1
[23/09/2015 - 01:08:37 | D] - 3aeb140115f410706a411c
[30/10/2015 - 04:18:34 | ASH | 0 Ko] - BOOTNXT
[07/09/2017 - 21:37:32 | D] - dosprog
[02/03/2018 - 14:47:49 | HD] - $SysReset
[03/03/2018 - 12:13:01 | RSHD] - Office Activation Technologies
[24/03/2018 - 15:36:46 | D] - Sierra
[25/01/2019 - 12:02:04 | D] - instaldor
[28/01/2019 - 22:05:43 | D] - Jogos
[26/05/2019 - 18:37:51 | HD] - VTRoot
[22/09/2019 - 20:11:51 | D] - Boruto
[07/12/2019 - 06:14:52 | D] - PerfLogs
[11/07/2020 - 22:42:25 | D] - Python
[26/09/2020 - 18:38:31 | HD] - $WinREAgent
[29/09/2020 - 01:55:27 | SHD] - Recovery
[14/11/2020 - 21:30:44 | D] - SecurityCheck
[30/11/2020 - 16:58:48 | HD] - ProgramData
[22/03/2021 - 12:07:29 | RD] - Users
[22/03/2021 - 12:09:00 | RD] - Program Files
[26/03/2021 - 16:11:16 | RD] - Program Files (x86)
[28/03/2021 - 16:25:14 | D] - FRST
[10/04/2021 - 20:19:32 | D] - Arquivos de Programas RFB
[20/04/2021 - 18:30:01 | D] - Windows

Infected elements : 0
Analyzed elements : 86318 in 00h 00m 23s

# UsbFix-Report-47.txt [6740B]

------------ | E.O.F  |
 

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :  
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Shell Menu
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 21/04/2021 19:29:24
# ----------------------------------------------------

------------ | Analyzed disks |

H:\    FAT32    (2GB/4GB)    [Removable] 

------------ | Infected elements |

~ No element detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

------------ | Tasks |

Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync

------------ | H:\ - Removable drive (FAT32) |

[15/06/2013 - 09:35:56 | N | 0 Ko] - ~$Fromages_2013.pptx
[10/04/2021 - 20:32:02 | D] - autorun.inf
[12/04/2012 - 21:33:58 | D] - Backup pen drive
[12/04/2012 - 21:34:48 | D] - Backup pendrive
[12/04/2012 - 21:34:50 | D] - Arquivos 15
[12/04/2012 - 21:34:52 | D] - Arquivos 14
[12/04/2012 - 21:34:56 | D] - Arquivos 13
[17/11/2012 - 14:47:46 | D] - Arquivos 12
[17/11/2012 - 14:48:48 | D] - Arquivos 11
[17/11/2012 - 14:49:08 | D] - Arquivos 10
[19/11/2013 - 15:29:16 | D] - Arquivos 9
[25/02/2014 - 15:46:00 | D] - Arquivos 8
[24/11/2014 - 19:41:56 | D] - Arquivos 6
[27/02/2015 - 13:15:48 | D] - Arquivos 5
[23/09/2015 - 18:11:04 | D] - Arquivos 4
[06/06/2017 - 13:59:10 | D] - Arquivos 3
[10/08/2017 - 17:06:52 | D] - Arquivos 2
[19/09/2019 - 10:43:26 | D] - Arquivos 1
[21/04/2021 - 19:28:30 | RD] - Desktop

Infected elements : 0
Analyzed elements : 9227 in 00h 00m 01s

# UsbFix-Report-52.txt [5648B]

------------ | E.O.F  |
 


/!\ Good evening! Annluciap /!\

> Download: < SFTGC > ( ... by Pierre13 )

< Or here > << Link!

> Disable your antivirus!
> If you have trouble with the download, use the Internet Explorer browser.
> Close any open programs!
> On Windows 10, 8.1 and 7, run "SFTGC.exe" as administrator!

> Run it and click "Go".
> Wait for it to finish, which is quick.
> Post the report! ( SFT.txt )
> PS: Depending on the size of the report, do not post it directly!

> For this task, use: < Cjoint >

> Or here, at Up.Security-x.fr

[Regards]


Good evening, DigRam!

Sorry for the delay.

My machine stopped working. It was a motherboard problem and there was no way to fix it. All that is left is the internal HD, which with an enclosure is now an external HD.

So I ask you, please, to archive this topic, ok?

Thank you!


/!\ Ok! Annluciap /!\

The topic will be MOVED to the appropriate section.

[]s


Topic Archived

At the author's request, this topic has been archived.

Edited by DigRam

This topic is now closed to further replies.
